Study Finds Online Privacy Tools Fail to Protect Users

Poor design and usability issues make leading online privacy management tools ineffective, according to researchers at CMU’s Cylab. The report said the results suggest that the current system of industry-led opt out protections is “fundamentally flawed.”

PrivacyPoor design and usability issues make leading online privacy management tools ineffective, according to researchers at CMU’s Cylab. The report said the results suggest that the current system of industry-led opt out protections is “fundamentally flawed.”

The report, “Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising” was released October 31. In it, the researchers observed 45 test subjects using nine tools that are supposed to limit online behavioral advertising or block access to advertising Web sites.

The tools included Web browser plug ins like Ghostery, black listing tools like PrivacyMark and browser privacy features in the latest editions of the Mozilla Firefox and Microsoft Internet Explorer Web browsers. In most cases, the researchers found, users struggled with one or more aspects of the tool in ways that reduced their effectiveness.

Blacklisting tools, for example, require users to choose from among lists of online advertising providers that most users are unfamiliar with. When it comes to browser privacy features, the researchers found, privacy settings designed to block cookies or tracking were either too simplistic or too technical. For example, the IE9 browser provides a “privacy slider” to adjust the level of privacy protection, but doesn’t explain what types of actions each level (“low,” “medium,” “high”) correspond to. Plug-ins like those from Ghostery and TACO, in contrast, use mostly technical references to different types of content (“iFrame” vs. “script” vs. “Silverlight Cookie”) that only the most technical users can distinguish between, the report found.

Finally, many of the blocking features of browsers and even add-on tools and plugins are disabled by default, requiring users to take additional steps to enable and configure them. However, many users assume (wrongly) that merely downloading and installing the tool provides default protection.

The result of all these factors is spotty protection – if any – against Web sites and advertising firms that want to track Internet users’ behavior online. That’s especially dangerous when combined with an increased expectation of privacy among users who have downloaded or enabled privacy features.

Online privacy has become a major concern in the wake of highly publicized data breaches, reports about lax security practices among onlne advertisers, and the increasing surveillance of online activity by governments. 

Suggested articles